# vim: set ft=dockerfile:
FROM golang:1.23-bookworm AS build

ARG BUILD_VERSION

WORKDIR /go/src/crowdsec

ENV DEBIAN_FRONTEND=noninteractive
ENV DEBCONF_NOWARNINGS="yes"

# We like to choose the release of re2 to use, the debian version is usually older.
ENV RE2_VERSION=2023-03-01
ENV BUILD_VERSION=${BUILD_VERSION}

# wizard.sh requires GNU coreutils
RUN apt-get update && \
    apt-get install -y -q git gcc libc-dev make bash gettext binutils-gold coreutils tzdata && \
    wget https://github.com/google/re2/archive/refs/tags/${RE2_VERSION}.tar.gz && \
    tar -xzf ${RE2_VERSION}.tar.gz && \
    cd re2-${RE2_VERSION} && \
    make && \
    make install && \
    echo "githubciXXXXXXXXXXXXXXXXXXXXXXXX" > /etc/machine-id && \
    go install github.com/mikefarah/yq/v4@v4.44.3

COPY . .

RUN make clean release DOCKER_BUILD=1 BUILD_STATIC=1 && \
    cd crowdsec-v* && \
    ./wizard.sh --docker-mode && \
    cd - >/dev/null && \
    cscli hub update --with-content && \
    cscli collections install crowdsecurity/linux && \
    cscli parsers install crowdsecurity/whitelists

    # In case we need to remove agents here..
    # cscli machines list -o json | yq '.[].machineId' | xargs -r cscli machines delete

FROM debian:bookworm-slim AS slim

ENV DEBIAN_FRONTEND=noninteractive
ENV DEBCONF_NOWARNINGS="yes"

RUN apt-get update && \
    apt-get install -y -q --install-recommends --no-install-suggests \
    procps \
    systemd \
    iproute2 \
    ca-certificates \
    bash \
    tzdata \
    rsync && \
    mkdir -p /staging/etc/crowdsec && \
    mkdir -p /staging/etc/crowdsec/acquis.d && \
    mkdir -p /staging/var/lib/crowdsec && \
    mkdir -p /var/lib/crowdsec/data

COPY --from=build /go/bin/yq /usr/local/bin/crowdsec /usr/local/bin/cscli /usr/local/bin/
COPY --from=build /etc/crowdsec /staging/etc/crowdsec
COPY --from=build /go/src/crowdsec/docker/docker_start.sh /
COPY --from=build /go/src/crowdsec/docker/config.yaml /staging/etc/crowdsec/config.yaml
RUN yq -n '.url="http://0.0.0.0:8080"' | install -m 0600 /dev/stdin /staging/etc/crowdsec/local_api_credentials.yaml && \
    yq eval -i ".plugin_config.group = \"nogroup\"" /staging/etc/crowdsec/config.yaml

ENTRYPOINT ["/bin/bash", "docker_start.sh"]

FROM slim AS plugins

# Due to the wizard using cp -n, we have to copy the config files directly from the source as -n does not exist in busybox cp
# The files are here for reference, as users will need to mount a new version to be actually able to use notifications
COPY --from=build \
    /go/src/crowdsec/cmd/notification-email/email.yaml \
    /go/src/crowdsec/cmd/notification-http/http.yaml \
    /go/src/crowdsec/cmd/notification-slack/slack.yaml \
    /go/src/crowdsec/cmd/notification-splunk/splunk.yaml \
    /go/src/crowdsec/cmd/notification-sentinel/sentinel.yaml \
    /staging/etc/crowdsec/notifications/

COPY --from=build /usr/local/lib/crowdsec/plugins /usr/local/lib/crowdsec/plugins

FROM slim AS geoip

COPY --from=build /var/lib/crowdsec /staging/var/lib/crowdsec

FROM plugins AS full

COPY --from=build /var/lib/crowdsec /staging/var/lib/crowdsec
